Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
3,907 Commits 133 Branches 44 Tags 106 MiB
3ce10eb00f
Commit Graph

927 Commits

Author SHA1 Message Date
Malte Poll
3ce10eb00f terraform: allow STACKIT / OpenStack instance type to be UUID or name 2024-02-28 15:48:53 +01:00
edgelessci
79aaa77b6b
image: update measurements and image version (#2950) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-02-28 10:02:33 +01:00
edgelessci
b2ab5869b3
image: update measurements and image version (#2943) 
Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com>
 2024-02-23 09:33:12 +01:00
3u13r
2a61861a1c
stackit: add k8s api load balancer (#2925) 2024-02-22 17:39:34 +01:00
renovate[bot]
62acec17f6
deps: update Constellation containers (#2921) 
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
 2024-02-22 14:04:42 +01:00
Malte Poll
00d39ff7fa helm: update edgelesssys cinder-csi-plugin 2024-02-22 12:43:04 +01:00
Malte Poll
31f65fb486 openstack: find node CIDR with multiple subnets 2024-02-22 12:43:04 +01:00
Malte Poll
d8185fdafb helm: use patched yawol with support for subnet choice 
Constellation requires a CIDR that only Kubernetes nodes live in.
This is needed for cilium encryption.
To make yawol LBs work, they need to be placed in a different subnet
with their own CIDR.
This patched version supports that.
 2024-02-22 12:43:04 +01:00
Malte Poll
1e987f6a85 terraform: add subnet for OpenStack LBs 2024-02-22 12:43:04 +01:00
Malte Poll
9d164de18b
helm: avoid waiting for non-essential services (#2939) 
In our e2e tests, we see a lot of "etcd-leader changed" errors
while deploying non-essential helm charts.
If this transient error occurs, helm gets into a broken state
where it cannot uninstall cleanly and thus any retry attempts fail.
By not waiting for the installation of helm charts to succeed,
we can avoid making most of the kubernetes API calls while
control-plane nodes are joining.
This makes "constellation apply" faster and more resilient.
 2024-02-22 12:18:55 +01:00
Malte Poll
522f2858c6 proto: update generated protobuf sources 2024-02-21 18:40:16 +01:00
Malte Poll
8541365341 sigstore: replace use of deprecated module go-tuf 2024-02-21 18:40:16 +01:00
Malte Poll
65903459a0 chore: fix unused parameter lint in new golangcilint version 2024-02-21 17:54:07 +01:00
renovate[bot]
cdd80a4f3f
deps: update dependency containernetworking/plugins to v1.4.0 (#2896) 
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
 2024-02-21 17:42:48 +01:00
miampf
96c5980651
cli: collect debug logs in file (#2906) 2024-02-21 15:39:12 +00:00
Malte Poll
59faa2b692 attestation: add hardcoded OpenStack enterprise measurements 2024-02-21 13:31:32 +01:00
katexochen
70ff097e12 image: update measurements and image version 2024-02-21 08:49:20 +01:00
Malte Poll
a4d25646f5 deps: update to bazel 7 2024-02-20 12:50:13 +01:00
Malte Poll
75f16ce87b image: upload OpenStack images to OpenStack 2024-02-19 18:16:45 +01:00
Malte Poll
6f9020d527 cli: use pre-uploaded image on OpenStack 
Before, the terraform infrastructure code would upload an image on the fly.
Now, we upload images in advance and specify the image ID instead.
 2024-02-19 18:16:45 +01:00
renovate[bot]
3b2da12781
deps: update Constellation containers (#2919) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-19 16:14:05 +01:00
renovate[bot]
75f1c0b3e1
deps: update registry.k8s.io/autoscaling/cluster-autoscaler Docker tag to v1.27.5 (#2761) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-16 13:26:59 +01:00
edgelessci
bc4d514fb1
image: update measurements and image version (#2912) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-02-16 08:49:16 +01:00
Malte Poll
896f68c26d helm: update edgelesssys cinder-csi-plugin 2024-02-15 12:35:15 +01:00
Malte Poll
92589a80e2 helm: update yawol 2024-02-15 12:35:15 +01:00
Daniel Weiße
f9442cecb1
helm: fix log formatting (#2905) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-02-14 08:52:46 +01:00
edgelessci
6829c27178
image: update measurements and image version (#2908) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-02-14 08:25:10 +01:00
Malte Poll
270497ef62
helm: move yawol into a separate release (#2904) 2024-02-12 14:26:22 +01:00
Malte Poll
b5e848a87e terraform: provide required configuration for yawol on OpenStack 2024-02-12 13:13:48 +01:00
Malte Poll
bab27fbc69 openstack: remove unused code 2024-02-12 13:13:48 +01:00
Malte Poll
5b73d48bdd
helm: insert openstack secret for ccm (#2897) 2024-02-09 11:14:44 +01:00
katexochen
a89133ae81 image: update measurements and image version 2024-02-09 08:11:46 +01:00
miampf
54cce77bab
deps: convert zap to slog (#2825) 2024-02-08 14:20:01 +00:00
edgelessci
bd3eed8504
image: update measurements and image version (#2895) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-02-07 08:19:43 +01:00
Moritz Sanft
901edd420b
terraform: remove cloud loggers (#2892) 
* terraform: remove cloud logging apps

* internal/cloud: remove loggers

* bootstrapper: remove logging

* qemu-metadata-api: remove logging endpoint

* docs: add instructions on how to get boot logs

* bazel: tidy

* docs: fix typo

* cloud: remove unused types

* Update go.mod

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* bazel: tidy

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* docs: elaborate on how to get boot logs

* bazel: tidy

---------

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-02-06 14:27:30 +01:00
Moritz Sanft
dde3430da8
terraform: support AWS marketplace images (#2888) 
* terraform: support AWS marketplace images

* terraform-provider: support AWS marketplace images

* docs: add instructions on AWS marketplace images

* ci: adapt marketplace image test for AWS

* Update internal/config/config.go

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>

* docs: update config

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* docs: update license information

* docs: use CSP tabs for marketplace overview

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

---------

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-02-06 12:13:59 +01:00
Markus Rudy
c020f7ac20
cleanup: various minor debugging improvements (#2889) 
* ci: improve constellation_create error message

When we hit a timeout due to nodes not coming up, the actual error
message is hard to make out because it's buried in a group. With the
right formatting, the error message will be highlighted in the UI.

Another improvement is to output the state of nodes, which helps
debugging the cause of nodes not joining or not becoming ready.

* cleanup: use NodeVersionResourceName constant

... instead of literal strings.

* ci: correctly notify on e2e upgrade error

* atls: report cert extension OIDs on mismatch

If the certificate contains an attestation document for SEV-SNP, but the
given validator is for Nitro, verifyEmbeddedReport should not claim that
there is no attestation document, but that there is no _compatible_ one
and what the incompatible ones were.
 2024-02-02 16:46:28 +01:00
edgelessci
711b53d5c0
image: update measurements and image version (#2886) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-02-02 09:10:12 +01:00
Adrian Stobbe
489e07677e
ref: pre v2.15 cleanup (#2871) 2024-01-29 21:32:37 +01:00
Moritz Eckert
2413356375
image: replicate to us-east-1 for aws marketplace (#2870) 2024-01-29 14:44:33 +01:00
edgelessci
6d4a8d594e
image: update measurements and image version (#2866) 
Co-authored-by: malt3 <malt3@users.noreply.github.com>
 2024-01-29 11:27:13 +01:00
Malte Poll
e2e3935896 image: use different replication regions for SNP and TDX 2024-01-26 17:58:08 +01:00
Daniel Weiße
ecae1c8f9a Fix default instanceType generation 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-01-26 17:06:28 +01:00
Markus Rudy
597a923a7f
cilium: performance fixes and reproducible images (#2855) 
* helm: bump cilium version

* helm: patch Cilium chart version
 2024-01-26 17:03:40 +01:00
Daniel Weiße
78b9b0fc96
terraform-provider: enable Azure TDX (#2854) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-01-26 15:46:21 +01:00
edgelessci
49a806a874
image: update measurements and image version (#2859) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-01-26 08:15:43 +01:00
Markus Rudy
9fb6c3216e
helm: remove kube-rbac-proxy (#2849) 2024-01-25 10:06:40 +01:00
Daniel Weiße
e350ca0f57
attestation: add Azure TDX attestation (#2827) 
* Implement Azure TDX attestation primitives
* Add default measurements and claims for Azure TDX
* Enable Constellation on Azure TDX

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-01-24 15:10:15 +01:00
edgelessci
6ae59bb986
image: update measurements and image version (#2848) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-01-24 08:22:48 +01:00
Malte Poll
c8ffba0366 measurements: update expected PCR[1] on GCP 2024-01-23 21:55:12 +01:00